Ben:
> I also had the sense that ekr noted that we didn't want to do this in the
> core spec.
> So, could you point me more clearly at what you would want to change in the
> core spec that would allow doing the thing you want to see done in a future
> document? (Is it just removing "i.e., when a PSK is not in use"?)
>
I am not looking to put the details in the core spec. I think I said that in
my first posting. However, I do want to ensure that the identity associated
with the external PSK and the certificate are both considered. There needs to
be a hook in the core spec for that to happen.
I quoted the part of the core spec that seems to say otherwise.
>>> On Thu, Dec 22, 2016 at 4:54 PM Russ Housley <hous...@vigilsec.com> wrote:
>>> I want to make sure that it is possible to mix PSK with (EC)DH as a
>>> protection against the discovery of a quantum computer. I recognize that
>>> the WG does not want to tackle this topic in the base specification;
>>> however, the following text in Section 4.1.1 makes this difficult to do
>>> in a companion document:
>>>
>>> > The server indicates its selected parameters in the ServerHello as
>>> > follows:
>>> >
>>> > - If PSK is being used then the server will send a "pre_shared_key"
>>> > extension indicating the selected key.
>>> >
>>> > - If PSK is not being used, then (EC)DHE and certificate-based
>>> > authentication are always used.
>>> >
>>> > - When (EC)DHE is in use, the server will also provide a "key_share"
>>> > extension.
>>> >
>>> > - When authenticating via a certificate (i.e., when a PSK is not in
>>> > use), the server will send the Certificate (Section 4.4.1) and
>>> > CertificateVerify (Section 4.4.2) messages.
Russ